authorJorge Hernandez <jorge.hernandez-herrero@att.com>2019-10-25 15:34:59 +0000
committerGerrit Code Review <gerrit@onap.org>2019-10-25 15:34:59 +0000
commit21523fd8fcf5e266ace45988890ab9a8b3fab930 (patch)
tree85414692d033617314598b1335abdb0e0cea75cb /policy-management
parent62d67b8e2342e678c8f559939bb722ad6ddbd64f (diff)
parent327ac05ea0e29a8d604f187d78f1a48aa35d8b4a (diff)
Merge "Allow encrypted property values"
Diffstat (limited to 'policy-management')
-rw-r--r--policy-management/src/main/java/org/onap/policy/drools/system/Main.java9
-rw-r--r--policy-management/src/main/server/config/engine-system.properties12
-rw-r--r--policy-management/src/main/server/config/engine.properties25
3 files changed, 30 insertions, 16 deletions
diff --git a/policy-management/src/main/java/org/onap/policy/drools/system/Main.java b/policy-management/src/main/java/org/onap/policy/drools/system/Main.java
index 0e7b44f2..3451587b 100644
--- a/policy-management/src/main/java/org/onap/policy/drools/system/Main.java
+++ b/policy-management/src/main/java/org/onap/policy/drools/system/Main.java
@@ -21,7 +21,9 @@
package org.onap.policy.drools.system;
import java.util.Properties;
+import org.apache.commons.lang3.StringUtils;
import org.onap.policy.common.endpoints.event.comm.TopicEndpointManager;
+import org.onap.policy.common.utils.security.CryptoUtils;
import org.onap.policy.drools.persistence.SystemPersistenceConstants;
import org.onap.policy.drools.properties.DroolsPropertyConstants;
import org.onap.policy.drools.utils.PropertyUtil;
@@ -34,6 +36,10 @@ import org.slf4j.LoggerFactory;
* Programmatic entry point to the management layer.
*/
public class Main {
+ /**
+ * Symmetric Key to decode sensitive configuration data.
+ */
+ protected static final String SYSTEM_SYMM_KEY = "engine.symm.key";
/** constructor (hides public default one). */
private Main() {}
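Review bot: The Javadoc on `SYSTEM_SYMM_KEY` says "Symmetric Key to decode sensitive configuration data", but the constant holds the property name `engine.symm.key`, not key material. Wording such as `Name of the system property that carries the symmetric key used to decode encrypted configuration values.` would prevent a reader from treating the literal as a secret. `protected` adds nothing over package-private here, since the private constructor shown below prevents subclassing from outside the class. The class body continues outside the hunk.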
@@ -52,6 +58,9 @@ public class Main {
/* system properties */
for (Properties systemProperties : SystemPersistenceConstants.getManager().getSystemProperties()) {
+ if (!StringUtils.isBlank(systemProperties.getProperty(SYSTEM_SYMM_KEY))) {
+ PropertyUtil.setDefaultCryptoCoder(new CryptoUtils(systemProperties.getProperty(SYSTEM_SYMM_KEY)));
+ }
PropertyUtil.setSystemProperties(systemProperties);
}
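Review bot: The symmetric key is read from the same `systemProperties` object that is passed to `PropertyUtil.setSystemProperties(systemProperties)` on the next line. If that method copies every entry into the JVM system properties (its body is not shown here), `engine.symm.key` becomes readable by any code in the process and by any management or diagnostic interface that exposes system properties. Consider exporting a copy without `SYSTEM_SYMM_KEY`, and reading the value once into a local instead of calling `getProperty` twice. The coder is also installed per file inside the loop, so a file processed before the one carrying the key is handled without a coder, and a later file with a different key silently replaces the default. The enclosing method starts and ends outside the hunk.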
diff --git a/policy-management/src/main/server/config/engine-system.properties b/policy-management/src/main/server/config/engine-system.properties
index c1f21b86..a61df280 100644
--- a/policy-management/src/main/server/config/engine-system.properties
+++ b/policy-management/src/main/server/config/engine-system.properties
@@ -30,8 +30,12 @@ com.sun.management.jmxremote.ssl=false
# certs
-javax.net.ssl.trustStore=${env:POLICY_HOME}/etc/ssl/policy-truststore
-javax.net.ssl.trustStorePassword=${env:TRUSTSTORE_PASSWD}
+javax.net.ssl.trustStore=${envd:POLICY_HOME:/opt/app/policy}/etc/ssl/policy-truststore
+javax.net.ssl.trustStorePassword=${envd:TRUSTSTORE_PASSWD}
-javax.net.ssl.keyStore=${env:POLICY_HOME}/etc/ssl/policy-keystore
-javax.net.ssl.keyStorePassword=${env:KEYSTORE_PASSWD}
+javax.net.ssl.keyStore=${envd:POLICY_HOME:/opt/app/policy}/etc/ssl/policy-keystore
+javax.net.ssl.keyStorePassword=${envd:KEYSTORE_PASSWD}
+
+# symmetric key for sensitive configuration data
+
+engine.symm.key=${envd:SYMM_KEY} \ No newline at end of file
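Review bot: The new `engine.symm.key` entry is documented only as "symmetric key for sensitive configuration data", which does not tell an operator whether `SYMM_KEY` is required or what it must contain. A comment such as `# optional: key used to decode encrypted property values; decoding is disabled when SYMM_KEY is unset` would match the blank check added in Main.java. The expected encoding and length depend on `CryptoUtils`, which is not visible here, and should be stated as well. The password entries above now use `${envd:...}` with no default, so it is worth confirming that an unset `TRUSTSTORE_PASSWD` or `KEYSTORE_PASSWD` is rejected at startup rather than resolved to an empty password. The file also ends without a trailing newline.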
diff --git a/policy-management/src/main/server/config/engine.properties b/policy-management/src/main/server/config/engine.properties
index aa9b6d80..4f114d88 100644
--- a/policy-management/src/main/server/config/engine.properties
+++ b/policy-management/src/main/server/config/engine.properties
@@ -22,27 +22,28 @@
dmaap.source.topics=PDPD-CONFIGURATION
-dmaap.source.topics.PDPD-CONFIGURATION.servers=${env:DMAAP_SERVERS}
-dmaap.source.topics.PDPD-CONFIGURATION.effectiveTopic=${env:PDPD_CONFIGURATION_TOPIC}
-dmaap.source.topics.PDPD-CONFIGURATION.apiKey=${env:PDPD_CONFIGURATION_API_KEY}
-dmaap.source.topics.PDPD-CONFIGURATION.apiSecret=${env:PDPD_CONFIGURATION_API_SECRET}
-dmaap.source.topics.PDPD-CONFIGURATION.consumerGroup=${env:PDPD_CONFIGURATION_CONSUMER_GROUP}
-dmaap.source.topics.PDPD-CONFIGURATION.consumerInstance=${env:PDPD_CONFIGURATION_CONSUMER_INSTANCE}
+dmaap.source.topics.PDPD-CONFIGURATION.servers=${envd:DMAAP_SERVERS}
+dmaap.source.topics.PDPD-CONFIGURATION.effectiveTopic=${envd:PDPD_CONFIGURATION_TOPIC}
+dmaap.source.topics.PDPD-CONFIGURATION.apiKey=${envd:PDPD_CONFIGURATION_API_KEY}
+dmaap.source.topics.PDPD-CONFIGURATION.apiSecret=${envd:PDPD_CONFIGURATION_API_SECRET}
+dmaap.source.topics.PDPD-CONFIGURATION.consumerGroup=${envd:PDPD_CONFIGURATION_CONSUMER_GROUP}
+dmaap.source.topics.PDPD-CONFIGURATION.consumerInstance=${envd:PDPD_CONFIGURATION_CONSUMER_INSTANCE}
dmaap.source.topics.PDPD-CONFIGURATION.managed=false
dmaap.source.topics.PDPD-CONFIGURATION.https=true
http.server.services=SECURED-CONFIG
-http.server.services.SECURED-CONFIG.host=${env:TELEMETRY_HOST}
+http.server.services.SECURED-CONFIG.host=${envd:TELEMETRY_HOST}
http.server.services.SECURED-CONFIG.port=9696
-http.server.services.SECURED-CONFIG.userName=${env:TELEMETRY_USER}
-http.server.services.SECURED-CONFIG.password=${env:TELEMETRY_PASSWORD}
+http.server.services.SECURED-CONFIG.userName=${envd:TELEMETRY_USER}
+http.server.services.SECURED-CONFIG.password=${envd:TELEMETRY_PASSWORD}
http.server.services.SECURED-CONFIG.restPackages=org.onap.policy.drools.server.restful
http.server.services.SECURED-CONFIG.managed=false
http.server.services.SECURED-CONFIG.swagger=true
http.server.services.SECURED-CONFIG.https=true
-http.server.services.SECURED-CONFIG.aaf=${env:AAF}
+http.server.services.SECURED-CONFIG.aaf=${envd:AAF:false}
http.server.services.SECURED-CONFIG.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler
-aaf.namespace=${env:AAF_NAMESPACE}
-aaf.root.permission=${env:AAF_NAMESPACE}.pdpd
+aaf.namespace=${envd:AAF_NAMESPACE:false}
+aaf.root.permission=${envd:AAF_NAMESPACE:org.onap.policy}.pdpd
+
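Review bot: `aaf.namespace=${envd:AAF_NAMESPACE:false}` gives the namespace a fallback of `false`, which looks carried over from the `aaf` flag a few lines up, while `aaf.root.permission` on the next line falls back to `org.onap.policy`. With `AAF_NAMESPACE` unset the two settings would disagree (`false` versus `org.onap.policy.pdpd`), assuming the text after the second colon is the default, as in `${envd:POLICY_HOME:/opt/app/policy}`. Using the same fallback, `aaf.namespace=${envd:AAF_NAMESPACE:org.onap.policy}`, keeps the namespace and the root permission consistent. The `apiSecret` and `password` entries have no default, so their behaviour when the variable is missing should be confirmed as well.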